I have just started learning PHP, loving it, and advancing pretty quickly. I am using Code Snippets plugin because of its simplicity, and when getting into configuring API calls and storing into the database (key point being I'm using credentials in the code) I stopped and thought ''wait is this secure?"
So I did as much research as I could with my limited knowledge of the pertinent terminology to find out that the code I am writing is actually stored in the database.
Furthermore, my understanding is that Wordpress credentials are all stored and encrypted in the database and that there is a secure process of storing in the database. But if all data is encrypted by default or if only encrypted when configured to do so, I have no idea.
A brief summary of my current situation would be:
I am not well educated with higher/lower security risks of having information contained in the database vs folders (this is my main problem and main focus of my question)
Appart from checking the author of a plugin, I am unable to forge a educated opinion on ''if it is secure"
Appart from having a web server configured correctly by my hosting provider, I do not understand at which point PHP code or other elements that should not be accessed can become accessible.
I am using Wordfence plugin (WAF disabled), Cloudflare WAF and Cloudflare CDN (mentioning in case it could matter)
In the end, I would immensely appreciate some enlightening into going in the right direction moving forward in coding PHP and raising security flags when coding/installing plugins.
My Answer:
It's great to hear that you are enjoying learning PHP! When it comes to security in WordPress plugins and coding, there are a few important things to keep in mind:
1. Use secure coding practices: Make sure to sanitize and validate user input, escape output, and use prepared statements when interacting with the database to prevent SQL injection attacks.
2. Keep plugins updated: Make sure to regularly update your plugins and WordPress core to patch any security vulnerabilities that may have been discovered.
3. Limit access to sensitive information: Avoid hardcoding credentials in your code whenever possible. Instead, consider using environment variables or a secure configuration file outside of the web root.
4. Use secure APIs: When making API calls, make sure to use secure protocols such as HTTPS and validate the responses to prevent data tampering.
5. Consider using a security plugin: There are several security plugins available for WordPress that can help protect your site from common security threats.
Overall, it's important to be mindful of security best practices when developing plugins and coding in WordPress to help protect your site and user data.
Rate this post
5 of 5 based on 3516 votesComments